CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile: 82.6%
A flaw was found in HAProxy. An issue in the HTTP/2 multiplexer, combined with the zero-copy forwarding system, allows remote attackers to trigger an endless loop under very rare conditions, causing a denial of service.
Disable the zero-copy forwarding system to mitigate this issue. Add the following configuration directive in the global section:
global
    ...
    tune.h2.zero-copy-fwd-send off
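The following is an added example, not part of the original advisory or of HAProxy's own code: a small audit that checks whether a configuration file carries the directive above inside the global section rather than commented out or placed elsewhere. The section keyword list is a subset, the "last occurrence wins" rule is an assumption, and the sample configurations are constructed.

```python
# Added example, not HAProxy project code: audit a config for the workaround.
DIRECTIVE = "tune.h2.zero-copy-fwd-send"
# Assumption: a subset of HAProxy section keywords, enough to see where "global" ends.
SECTIONS = {"global", "defaults", "frontend", "backend", "listen",
            "userlist", "peers", "resolvers"}

def audit(cfg_text):
    """Return (status, line, misplaced) for the directive in cfg_text.

    status is "mitigated", "not-mitigated" or "missing"; line is where the
    effective setting was found; misplaced lists lines outside "global".
    """
    section, effective, misplaced = None, None, []
    for lineno, raw in enumerate(cfg_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not words:
            continue
        if words[0] in SECTIONS:
            section = words[0]
        elif words[0] == DIRECTIVE:
            value = words[1].lower() if len(words) > 1 else ""
            if section == "global":
                effective = (lineno, value)    # assumption: last one wins
            else:
                misplaced.append(lineno)
    if effective is None:
        return "missing", None, misplaced
    status = "mitigated" if effective[1] == "off" else "not-mitigated"
    return status, effective[0], misplaced

# Constructed sample configurations.
CFG_OK = """global
    maxconn 4096
    tune.h2.zero-copy-fwd-send off  # workaround
defaults
    mode http
"""
CFG_BAD = """global
    maxconn 4096
    # tune.h2.zero-copy-fwd-send off
defaults
    tune.h2.zero-copy-fwd-send off
"""
CFG_ON = "global\n    tune.h2.zero-copy-fwd-send on\n"

if __name__ == "__main__":
    for name, cfg in (("ok", CFG_OK), ("bad", CFG_BAD), ("on", CFG_ON)):
        print(name, audit(cfg))
```

A "missing" result only means the workaround line is absent from the global section; it says nothing about whether the running build already includes the fixes referenced below.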
bugzilla.redhat.com/show_bug.cgi?id=2309732
git.haproxy.org/?p=haproxy-3.0.git;a=commitdiff;h=c725db17e8416ffb3c1537aea756356228ce5e3c
git.haproxy.org/?p=haproxy-3.0.git;a=commitdiff;h=d636e515453320c6e122c313c661a8ac7d387c7f
nvd.nist.gov/vuln/detail/CVE-2024-45506
www.cve.org/CVERecord?id=CVE-2024-45506
www.haproxy.com/blog/cve-2024-45506
www.mail-archive.com/haproxy%40formilux.org/msg45280.html
www.mail-archive.com/haproxy%40formilux.org/msg45281.html